Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2^256 based on the proposed procedure.
Funding: Project supported by the Major Program of the Ministry of Industry and Information Technology of China (No. 2017ZX01030301) and the Beijing Natural Science Foundation of China (No. 4162053)